Webinar Recording

Security in the Age of the Hybrid Multi Cloud Environment

Log in and watch the full video!

The way is clear for the hybrid multi-cloud environment! With an increase in cloud services, the mitigation of cyber risks within such environments becomes paramount. The value of traditional security tools for cloud applications is very limited and the misconfiguration of cloud platforms is a key threat to their security.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
Hello, I'm Richard Hill in Analyst at co call. And today we're having a webinar about how United security providers can help protect web applications in a hybrid multi-cloud environment, using Docker based container services. And joining me today is Michael Levy, CEO of United security providers. So before getting into the webinar topic for today, here are some information about Cooper Cole. We have three major business areas, research where we provide vendor neutral research on identity, access management and security topics, as well as giving up to date. Objective advice. Second, we provide events where we conduct conferences, webinars like this one and other special events are relevant and leading edge topics. These events provide insight into industry trends, give good networking opportunities and a chance to meet the experts in the field. And third is advisory Cooper. Cole offers short term consulting engagements worldwide that can help your business be more successful, which we give the most current advice in the area.
Digital transformation Cooper Kohl's research comes in multiple formats like leadership compasses, which gives you an overview and insights into market segments, providing you a compass to help you find the product that you need. Executive views provides a condensed overview about a specific product or service focusing on products or service strengths and challenges, advisory notes, given an in depth research and analysis into a specific topic vendors or product service with deployment and operational recommendations, and then leadership briefs covering current business challenges with a clear focus on key issues. And we give advice on how to address them Cooper Cole's core advisory includes benchmarking and optimization that helps organizations to clearly understand the maturity of their process and systems such as readiness assessments of security technology areas, or product shirt, listing strategy support that helps provide direction for organizations to speed the decision making process or architecture and technology support to give clear vision and roadmaps for an it architecture and products.
Also, we give project guidance on project implementation through evaluation of an organization's projects. The next upcoming co Kohl event will occur in mid-September this year, which is the digital finance world, which will be held in Munich, Germany. Other event opportunities in September are the blockchain enterprise days and consumer identity world in Seattle, Washington. And again, in October in Amsterdam, both the cyber security leadership summit and the cyber access summit will occur in Berlin. On November 12th through the 14th. And later in November, the AI impact will be held in Munich. The conferences offer a mixture of best practices, discussions, visionary presentations, and networking opportunities with future oriented community. The conferences will expose you to leaders, leading vendors, Analyst, visionaries, executives, where attendees can be inspired by a list of world class speakers.
And now some guidelines for the webinar. Everyone will be automatically muted. So there's no need to worry about muting yourself will be recording the webinar, which should be available by tomorrow on the Coco website. Also we'll save some time at the end for questions and answers. The go-to meeting control panel has an area to type in your questions at any time regarding the agenda. I'll start out by talking about hybrid it reality and where we are today and then cover how container based software and platforms can help in a hybrid world. And then give an overview of web access management once done. I'll turn over the webinar to Michael Levy, to talk about how United security providers can help companies seeking to move their web applications to the cloud. Then finally, as I mentioned, we'll save some time at the end for questions and answer session. So I thought I would start out by giving some background on how we got into this hybrid situation we're in today. Traditionally the it environment has run within the walls of their perimeter. The identity and access management solutions were developed to address the business needs of this closed environment. Identities were managed and stored on premises and made available only to local access controlled systems to ensure that individuals just have access to the resources that they need.
As businesses extended beyond business to employee to include business to business, we started to see Federation hubs or bridges that extended the reach of where identity and access controls reside Federation allowed for secure exchange of user information. That could be between divisions within an organization or organizations in the same sector. Single sign-on systems gave users the ability to authenticate once not only across multiple it systems, but organizations too. Cloud services gave organizations new opportunities for it motivated by the business need to increase it flexibility and scalability while reduced in cost. And under the umbrella of identity as a service, there are many abilities, not only traditional I am, but also capabilities ranging from single sign on to full identity provisioning. Some are organizations with specific requirements or not being ready to use the public cloud services or platforms use private cloud, wanting to have tighter control over their environment.
The reality of today is that most organizations, it, data, applications and services are spread across on premise cloud and even multi-cloud environments. Certainly there will be business use cases that will ensure that it data, applications and services will remain on premises. While other use cases will drive the need to use cloud infrastructure and services ensuring that this hybrid environment continues for the foreseeable future. Notice that there are many different environments here, infrastructure platform, possibly different programming languages used, et cetera, which can make a difficult to develop consistent solutions across these environments. And I'll go over a possible solution to this, but first this slide summarizes some inherent hybrid cloud risk and their potential impact unless proper controls are implemented. Note that this does not consider the probability only the impact, which depends upon the deployment model for the service cloud. Customers will need to decide what risks are relevant to their use case.
Not every risk may be applicable to any specific cloud service use case. And there may be further risks that would need to be considered for the other use cases with the right controls. If correctly implemented this could help to reduce the impact or the probability of the risk because of these issues. It's important to choose qualified products and services that can address these types of risks, traditionally services and platforms, depending on servers built on top of operating systems and infrastructure hardware with one or more applications deployed to a server. And each application depends on its binaries and libraries with configuration files, tying the application components together. You might think of the traditional servers, kind of like pets. You give the server a lot of loving care by spending time building and configuring it. And when the server gets ill, something goes wrong or crashes. You nurse it back to health. Maybe you update some libraries or tweak some configuration files, but this often leads to differences in server configurations. And what should be the same application from server to server may not match this, makes it hard to troubleshoot and maintain over time. This problem becomes more difficult in hybrid environments because of the many different platforms and infrastructure and the hybrid environments. Today, there needs to be a consistent way to develop and deploy solutions across these environments.
Sometimes there's some confusion about virtual machines versus containers. Virtual machines run in a hypervisor environment and each virtual machine must include its own guest operating system related binaries and application files. This tends to consume a large amount of system resources and overhead, especially when multiple VMs are running on the same physical server containers. On the other hand, run in a container engine, the applications and all of its binaries and libraries are contained within it. The main difference here is that containers share the host operating system or kernel. So why are containers important? They provide a consistent environment. Developers could build upon predictable environments that are isolated from other applications and less specifically allowed the issues with software dependencies needed by applications that as I discussed with the traditional servers goes away since specific versions of programming languages run times and other software libraries are the same when the same container container image file is used to build the containers.
Also, there are more lightweight instead of virtualizing the hardware stock with VMs containers, virtualize at the operating system level, making them much faster to start and use much less memory compared to Booton and entire operating system like with VMs containers are also able to run just about anywhere. This greatly makes the development and deployment in DevOps, much easier. So you could think of containers more like where you build a container image on, on the container image. Containers build are much quicker since they are typically automated, but you use the same container image configuration. So they become identical like cattle. And when they get ill, you just get another one you could create and destroy them at a touch of a button or a call to an API.
Since there's a rising popularity of container based environments, there's also a growing number of tools to help with this. As mentioned earlier, containers provide a predictable, consistent environment. They're lighter weight than VMs, meaning that they could start faster and consume less resources and they could run just about anywhere. A container engine is provided. Docker is one of the most popular and used container software out there. And the more popular it is, the easier it is to find developers and DevOps that could use it. Kubernetes is an open source container orchestration system that allows for automating application deployments scaling in the management of containers. It was developed by Google about about five years ago, and is now maintained by the cloud native computing foundation. Kubernetes has become the defacto container orchestration tool to use in the market.
OpenShift provides a platform for containerized software developed by red hat. It is built around Docker and Kubernetes and OpenShift gives tools that allow developers to get up and running quickly using their quick, quick start application templates, for example. So developers could use their favorite programming languages for frameworks and database together. Docker, Kubernetes OpenShift has become one of the more popular developer stocks as with any software. There are inherent risks listed. Here are some container risks that you should be aware of. For example, the host that the container sits on may have vulnerabilities or the developed application that runs in the container may have some weaknesses that could be exploited since applications and services depend on APIs. Those APIs could be attacked as well, just as any platform service or application should have security applied to them. So should containers such as using design best practices or scanning for malware applying access controls in the principle of least per make and use of network segmentation or monitoring for malicious activity. That's just some examples. And there are some container security best practices that could be followed to mitigate container risks like hardening the host and container operating systems, registries and apps, using security gateways for APIs and other protocols, or using more advanced security that could provide behavior monitoring or anomaly detection.
When looking at access management and identity Federation, there are frequently seen as separate segments in the it market. But when you look at the business problems that they need to solve, these technologies become more inseparable. The business challenges to solve is how to support the connected and intelligent enterprise. Given that businesses demand support for business processes, for external partners and customers. They want to access to external systems and rapid onboarding of externals for controlled and compliant access to internal systems. They also request access to external services like cloud services, as well as capabilities to use their required access data to drive intelligence within their systems. The use of mobile devices has also leveraged onto organizations as the changing workforce wants to work anywhere and from any device. And it has to provide an infrastructure for this increasingly connected and intelligent enterprise. Given these business challenges, solutions have become available on the market to solve them such as cloud access management, cloud services, device management, and more intelligent, adaptive, authentication, and risk or contact space, access controls. These solutions provide businesses, the ability to be more agile address compliance requirements while being able to innovate and collaborate as well as maintaining their system security.
Since the connected enterprise means that organizations will have to deal with larger user populations than, than before identity Federation is a technology that is essential for any organization. It allows the enterprise to deal with external identities in all the different user populations while web access management. On the other hand comes into play when managing access to applications together, they're able to meet the demands of increasingly connected and intelligent enterprises. So web access management could be thought of a more approach that puts a layer in front of web application. Sometimes it's gateway or reverse proxy that takes over authentication, including single sign on capabilities, and usually some course grained authorization management to backend application services. It could also provide services such as HTP header injection to add authorization information to the HTP header that could be used by backend applications. Well solutions also support APIs for authorization calls to the system
As mentioned earlier, Federation extends to reach of where identity and access controls reside and allows security exchange users that could be between divisions with organizations or between organizations in the same sector. Identity Federation allows the splitting of authentication and authorization between identity providers and service providers or relying parties. Identity Federation could be used in various configurations, including Federation from internal directories and also there's outbound Federation that allows organizations to access external services, such as software as a service applications, cloud providers and partner services or inbound Federation that allows organizations to accept credentials from third party services like partner organizations or social networking services. Also there needs to be support to protocol standards such as oth 2.0 open ID connect, or even hum a while some digital identities representing the users are managed in the organization's internal directories. Others will be federated in from external identity providers or managed by employing cloud directories. So identity Federation is an essential technology for any organization. It allows enterprises to deal with external identities in all the different user populations. So quickly, here are some other functional criteria that you may wanna consider. And I would also like to mention that some solutions provide web application firewalls or wows, which is a good addition to any web access management solution. So now I will turn it over to Michael Levy from United security providers, Michael.
So hello everyone. This is Michael Levy speaking from United security providers. Thank you very much, Richard, for this very helpful introduction and details about web access management and the impact and the story about containerization. Few words about me first. So I have started my career some 30 years ago as a software development in the finance industry. And after having done that a couple of years have switched to cybersecurity and have done that ever since I am the founder and currently CEO of United security providers, a company that you might probably never have heard of before. We're a Switzerland based cybersecurity provider that specializes in web access management, where we have our own technology and unique intellectual property. And we provide managed security services all around the globe. Currently we operate security services in 65 countries on some 800 customer locations all over the world. As you see visualized in that, in that code map on, on the left below.
So because the stuff that we do is pretty advanced and interested in the way how we do it is pretty interesting. The company recently has been acquired by the Swisscom group. Now for all of you that never have heard about the Swisscom group, I'll make a very quick introduction about Swisscom Swisscom evolved from a classic telco, which has been servicing all of Switzerland to now a full service it partner, which is actually following the mission to help help its enterprise customers become data driven businesses. Haha very big, very big thing, but Swisscom actually, even if you might never have heard of them is one of the top 10 brands in, in Switzerland among other brands like Nestle RO and Rolex credit Swiss and so on among these top 10 brands and what Swisscom offers is everything an enterprise needs in the space of data communications.
So they have some 67% market share in broadband communications. They offer the full spectrum of mobile communications, 60% market share in that space, even TV services and, and TV entertainment content. So on the left hand side, you see a couple of additional brands that are owned by the Swisscom group. So we as United security brands are one of these brands within the Swisscom group among others. As you see fast web the Italian company or tele club pay TV and so on. So Swisscom is organized into residential customers and enterprise or business customers. And we are actually located in the enterprise customers or business customer space. So a few numbers about the enterprise customer space it's repeatedly rated the, the number one company, having the best infrastructure connectivity in, in the geography that we serve. Swisscom enterprise hires, 5,400 employees, roughly and services 6,000 plus enterprise customers all over Europe.
But obviously mainly in Switzerland, Swisscom is stock exchange trade. The symbol is SCM and has a current market valuation of approximately 25 billion Swiss Frans. We as United security providers are part of that Swisscom group, the enterprise customers division within the cloud and security space of this offering. So now I've told you that the mission of Swisscom is to support enterprise enterprises, to become data-driven enterprises. And, and we have been an acquisition which helps very much in that space and talking about becoming data driven enterprises. I have to talk about the digital transformation. I'm really sorry. All of you probably have heard this story over and over again and can't hear it anymore, but to give a quick introduction in what drives our business, it's actually pretty helpful to remember the fundamental elements. So when, when we're talking about the digital transformation, it's, it's always the same talk it's about enterprises trying to engage their customers in, in some applications or portals in, in, in some digitized processes or it's about empowering your employees to enable them working in modern work styles, mobile, wherever there are with any device and, and get things done quicker than before.
And, and this is one of the major drivers. So everyone strives for better competitiveness. So they're trying to optimize the business, automate integrate systems, integrate processes, optimizing the businesses, one of the major drivers in digital transformation as well. And at the end, let's say the major goal will be to actually transform your products and, and maybe become a mobility provider versus a car manufacturer and all these stories that you've heard in that space. But what all this stuff has in common is actually that it leads to massive use of new digital technologies all over the enterprise. So be it in the classic it space or in production space or in your supply chain or, or demand chain wherever. And, and while companies are doing this, they're creating more and more, more digital assets. So when you want to become a data-driven enterprise, it's actually pretty obvious that a lot of data is involved into that and that you will have multiple apps and portals and everything to access and, and manage all that data, ever more connected things, APIs and services to make, make your enterprise become able that machines talk to it and, and host all that stuff on your premises and in various clouds.
And why you do that more, more, all these digital assets actually make you become dependent of all these digital assets, which leads ultimately to the need that some poor guys have to ensure cyber protection of all these digital assets and have to manage all authentication or identities and all accesses to these digital assets. And this is where we come into into the play. Now this stuff is pretty simple, as long as you're in a, in a very much controlled on premise environment. But as soon as you come into a cloud or multi-cloud environment stuff, get complicated a bit more. And now many companies are trying to, to find the cloud solution, which serves all their needs. But this one size approach is difficult. As we can see from the stats. All the global hyperscalers are, are growing double digit. No one is really massively outpacing.
The other one, Amazon. I is the biggest, but Azure is catching up quick, but Google is doing good as well. And IBM now after having acquired red hat is, is getting better as well. So everyone is growing in that space, global hyperscalers. And on top in, in all geographies, we see a lot of local place trusted companies which have been servicing their customers for a long time alone in Switzerland. And we are a, a really small country. There are 60 plus cloud providers. The last time we've counted them and, and, and they all have the market share as well. And they all satisfy specific niche requirements very well, which makes them coexist with the global hyperscalers. And on top, of course, for every specific domain like here, visualized in the CRM space, there are a lot of interesting applications targeting at specific industries or at specific size of companies, which are additional cloud based applications that are sneaking into enterprise environments, maybe adopt from, from one division first and then spread further.
And, and, and as if this all were not enough, we've got a newborn unicorn almost every day. What you see here is, is statistics about the, the number of unicorns that have joined the market in the last couple of years. And it gets really crowded towards the end of this graphic, which was in January 27, but it doesn't matter. It continues the same. So all these unicorns offer a specific value and, and in all cases, they are leveraging new digital technologies and somehow make their way into the value chains of many enterprises as well. So what this actually, what we actually end up already today is multi-cloud is the reality. So hybrid multi-cloud approach is, is the reality that we see today. And, and it, it just displaces the one cloud fits all approaches that many have have been selecting in the beginning when they made the first steps in cloud.
And actually it's even, it makes a lot of sense because as, as enterprises seek to get the most out of their investments into digitalization, they can increasingly drive value from the integration of these multiple private public clouds by taking this hybrid multi-cloud approach. So actually you get more bang for the buck if you, if you master this skill. So if you master the integration of, of a hybrid multi-cloud environment than, than trying to move towards a one cloud fits all approach. So the hybrid multi-cloud environment is now, and it's, it's a reality for most of the companies, but it's not the only thing that has been changing. One big change is visualized through this picture. And let me talk, tell you a small story in the beginning. So in, in around 1956, a smart guy called Malcolm McLean had invented the first metal shipping container.
As we see many of them stacked here on the, on this picture, and it completely turned the logistics business and the, the, the shipping industry upside down. So with the before, before these containers were invented, all, all goods that were transported had to be manually loaded onto all these ships and, and it employed large numbers of, of dock workers all, all around the globe. And, and when the containers came, automation came as well. And actually even larger ships came after the containers had been invented because now it was so easy to load them quickly and to unload them quickly through all this automation. So the same idea now broke into this, this it, and, and the application and infrastructure space containerization has arrived. As Richard explained, it makes a lot of sense. These containers are easy to handle quick to deploy, very consistent, lightweight, consuming, little memory and all that stuff.
And, and the momentum this produces in the market is just gigantic. Like when we look at some KPIs from, from Docker and these numbers are already one year old, I'm sorry for that. But when Docker turned only five years old, we could see, for example, already 15,000 open job listings on LinkedIn, looking for, for know, how and skills with Docker technologies and, and 3.5 million applications had been docerized already, there were more than 200 active Docker user groups, all, all around the world and the, the, the containers, which are the result. Once you had your application, containerized had been downloaded 37 billion times. And that was, as I said, five after Docker turned five, roughly one, one year ago. And, and it all makes perfect sense because actually there's a lot of technological benefits. So to repeat quickly, what, what Richard had introduc introduced all these containers are, are really lightweight.
They come with smaller footprints than the VMs, very highly controlled environment, predictable, consistent environment. And it's simple to do version control. It's easy to do image updates, portability, massively improved. You can run these containers on virtually every infrastructure on your notebook, on your servers, on your in house equipment, on Amazon, on Azure, on any cloud, however you like. And it reduces obviously cloud vendor lock in as well. So, so there's a lot of, of technological benefits in, in using containerization. And even if not, everything is true and is marketing and sales of, of Docker, Kubernetes and, and OpenShift, then it doesn't matter that much still because customers actually perceive some business benefits. So even if not all technological benefits might be true to all extent the business perceives a lot of benefits as well in that space. So they, they see that containers offer greater agility and they, they offer cost savings, possibilities, offer high performance, and even businesses think that containers can help make them cloud ready, which is kind of weird, but I, if customers per perceive it that way, then investments flow into the technology and, and the technology gets adopted update.
So I think we will end up seeing a lot more adoption of containerization. Cisco even made the prediction that in the year 20 22, 90 5% of all new applications would be containerization containerized from the beginning. So only a very, very small percentage of applications will be newly created for not contained rice environments. So very quick adoption of this technology and, and this adoption is definitely quicker than one achieves to move away the legacy applications from, from the old environments, be it virtualized environments or even on-prem environments. So technology has changed. Containerization has arrived and all predictions actually point into the direction that this is going to transform the it landscape as radical as it bid in, in the shipping landscape. So now hybrid multi-cloud is where we end up, but it actually creates a lot of headaches as well. So a recent survey performed against some 100,000 plus security professionals on LinkedIn showed that nine out of 10 security professionals are actually deeply concerned about security in clouds and, and what they see.
Okay, top three challenges leaking the data threats to their data, privacy and breachs of confidentiality. Of course, it just touches all risks that you can have if you lose control over your data. And the biggest threats to cloud security actually come from unexpected directions. So it's not that the security isn't good it's that it's misconfigured and, and all these people obviously try to do to give their best, but still they end up with misconfigured cloud platforms and misconfigured access control systems and so on. And, and the reason is that it's more, more troublesome to, to maintain a large and differing set of technologies over all the environments you have to maintain. Remember, it's, it's not just one cloud that you have to master, but it's actually multiple technologies. And, and in every technology and in every stack, there is too little visibility. That's what they claim gives them headaches, too little visibility in how the infrastructure security's set up.
And, and they're just having large troubles with all these different technology sets to implement consistent security policies. And as they try their best they're misconfiguring many of these platforms, and actually in the end do not achieve compliance against the regulatories or against the internal policy that they have set. And actually the trend towards agile and DevOps is not solving the issue, but actually adding additional fuel to the, to the fire because well, application, there's a real, let's say cultural divide between application developers and infrastructure operators. While the infrastructure operators try to keep things stable and well controlled and, and do every change through a controlled repeatable process. The application developers are trying to get quicker and quicker to, to move to continuous delivery in, in ever shorter development cycles. They, they adopt their, their well, the tool set that they like best and, and move forward towards containerized environments.
So they want just free choice to behave agile and, and follow their customer's needs while on the other hand, infrastructure operations. And as I said, that cultural divide is, is having massive pressure to align with these development cycles and, and gets all problems magnified in these multiple environments. So all security vulnerabilities show up and, and, and they somehow have to handle it. And for them, it's just massively fast growing complexity to manage all these, all these tools. So this, this is really a, a diff situation that we think must get under control. And, and one of the first things that you have to achieve is actually that you need to, to do two things at once. First, somehow we need to enable centralized control for, for the security while allowing DevOps agility for all the developers and, and legacy security tools, unfortunately do not contribute a lot of value towards, towards that goal.
So this is the challenge that we took as being the United security providers and that we are addressing. So in order to get ready for the hybrid multi-cloud security technology must actually allow the implementation a consistent implementation of a corporate security baseline, overall deployments of your security control. So be it on premise and in all these clouds that you use and new technology has to be able to be deployed application centric. So we have to become aligned with the deployment of the security controls with the cycle of the application developers. We cannot have that two paced environments where infrastructure operations follows their pace and the application developers follow a different pace, but we have to go closer to the application developers into their life cycle, with the deployment of our security controls. This also helps prevent, let's say a late moment of truth when the application developers wants to, to go live with their application.
And that's the first time when they, when they hit the security environment. So when, when we align with the development life cycle and deploy the security controls application centric, then we get away a lot of these paints that we've been talking about. Okay. And, and also the classic security technology cannot really handle the, the highly dynamic nature of these containerized environments. So one of the core IDs of the containers is that you actually launch additional instances of containers as you need them. So if you have a lot of load, then you just launch more containers on, on, on your hyper scalable infrastructure. And all these instances will then satisfy the, the requests that you're, that you're getting. And, and if we are deploying security controls, application centric, then the security controls must scale up and down dynamically as well together with the application. And many of the today's security technologies cannot do that.
And even if they could, they need to be monitored and, and all the systems that surround them need to be aware of this dynamic nature of the security infrastructure, which takes us to the last point, because even if all this security controls are dynamically orchestratable and automatable, then again, you need to catch them all in the end and, and get all the locks and centrally detect eventual threats and security breaks in your, in your security operation center. So you need to be able to support central detection and reporting. And if, if you're able to do that, then actually we can claim something like being hybrid, multi-cloud ready with a given security technology. And that's exactly what we have done as United security prizes. We have since many years been developing web access management solution that serves really well in, in all environments that we have seen in the past.
So it consists out of an application delivery and web application firewall platform, which offers turnkey protection of applications against the classic OVAs top 10 threats, like injection cross site scripting and all that stuff in that space, it offers versatile an adaptive authentication with a single sign-on capabilities. So all that authentication piece, which enables to link in users with the authentication strengths you need and, and things with the authentication that you want them to to use. And it offers Federation capabilities. As Richard has been talking about, like the capability to, to use the identity, which lifts on premise against an application that lifts in the cloud or vice versa identities that live in the cloud against applications that live in other clouds or in other organizations and so on. And it encompasses client facing identity management solution because often companies do not want to manage their, let's say third party identities in their existing employee identity management systems.
And all these functionalities are actually well they've translate to things like reverse proxy and all that stuff, but we don't have to deep dive into that. The main thing is that all these components can be deployed in any setup. So regardless of the state and the strategy of cloud adoption with a given enterprise, this technology can be used in all setups. So be it classic hardware, on-prem deployment or virtual appliances in, in your together with your data center provider or containerized, as we've been talking about, or as a mix of them in hybrid multi-cloud environments, this is, this is how we can deliver all that stuff. So now when we look at classic use cases, how we do that, I have a say a canvas where we can paint the situation on top of it. So what, what we offer as USP service is the, the, all, everything to get ready in that containerized space.
So our team or RD team provides the security infrastructure containerized into the container registry that you need to later deploy and use this technology. That's, that's the first step that we do. And then our customers, or more specifically the security service owners of our customers are using our sales user interface to provide the security baseline of their company. So the, the configuration of the security controls into central configuration management system. And from there, the application owners or the application developers of the customers can launch these containers together with their applications, sorry, for not labeling the applications, but the gray spots that we see there on the top, right? That's actually symbolizing an application, which is some somewhere living in a container around time environment in a private or public cloud or, or, or on premise. Doesn't actually matter. Many enterprises are building up these containerized environments in their, on premises as well, actually, but doesn't matter.
So the application developers can take or launch the container, which will then come from the container registry together with the configuration that will, will supplied from the security service owner. And they parameterize it and, and define, let's say the final edges of it, its behavior through parameterization. Okay. And then as the next thing, all these containers or security containers will actually log their events and, and errors towards a, a log environment, which is a containerized environment as well. It can run in a cloud in a different cloud on the customer premises, wherever you like, and actually be used for central reporting and detection capabilities. So if we look at this from a slightly different viewpoint, if, if we have such a dock Kubernetes OpenShift based sample deployment, it could actually look like this in modern cloud based environment. We do have the applications living in containers.
Then the security service owners providing the baseline configuration, then the application owner launching the, the container together with his application in front of the application, in this application-centric deployment style in a, in a Docker OpenShift and based deployment, then the application users on machines or whatever can start to use the applications. If they need to be authenticated, this can be delegated to another cloud. So it could be based on our technology, as, as you've learned, we've provide this authentication of that and identity management solutions as well, but it could also be some cloud based service like pre-pop Okta at this is Okta this time. So it could be Okta and talk to Okta through Sam or open ID connect. So once the user is authenticated, it can start using the application and, and all the security commands lock there, information into the log environment. As we've discussed, where again, the application owners and the security owners can see all the events and, and all, all the detection alerts as well, which could look like this.
They look at their security cockpit. They see if they have threats, or if everything is normal, they can drill down into the instances of their security environments. As we see here and, and do whatever they think is necessary to supervise or, or report to their, to their bosses, they can drill down into the lock files and everything they need, as you would expect it from a modern approach in that space. So this is what we provide last slide, who is utilizing our technology. It's actually a multitude of companies. We have a lot of companies from the financial services, space, banks, insurances, and financial intermediate trees. We have a lot of industrial services companies, which are automating and augmenting the products. We have healthcare and public sector, but very large portion actually also is other it companies. So we have, we partnering with many data centers, independence, software vendors, managed service providers, you name them a lot of logos, not too important for the moment.
So this takes me to the end. I think if you can take away a few things from, from my piece of the session from Richard Richard's piece, I think we all have to accept today's hybrid multi-cloud reality, and we should embrace containerization rather sooner than later. So I think with that transitional nature of containerization, you don't want to be one of the laggard. So we should embrace that, especially if your enterprise creates or uses custom software just off the, off the shelf stuff. And then, I mean, the mission of us in the cybersecurity space is to maintain the security of, of our clients at all times. And, and you will have to maintain a corporate security baseline, even if, if your company adopts a hybrid multi-cloud environment and, and this implies having central detection and reporting capabilities, and to do that while using various onboard tools of each specific environment, this is nearly impossible and leads to that problem that we've seen in the beginning misconfiguration of these environments, which then leads to all these nasty things like loss of privacy and so on.
So we are convinced that application-centric deployment of security functionality together with dynamic orchestration possibilities is, is just necessary to move forward into natural and DevOps oriented work style. And yeah, it would be cool if, if someone remembers that we as USP offer a hybrid multi-cloud ready web access management solution, that includes all these capabilities. And if you want to learn more, then of course our experts will be more than happy to, to give you a demonstration or to discuss your project situation and, and help taking you forward. So thank you very much for joining today. And now I think I hand back to our host, which is opening the Q and a session.
Yes. Thank you, Michael. So we have about five minutes left for questions, just as a reminder in the control panel, you could enter any questions at any time, but I, I think we'll start with one of the questions. Are you providing this solution also as a managed service?
Huh. Okay. Short answer. Yes. Somewhat longer answer. Well, managed source is used for many things. What we understand is fall 24 7 managed security services, including monitoring and, and, and including incident handling at all times at, at a fixed rate. And this is what we actually do now in a containerized space. Operations is always somewhat mixed because typically the op the container platform is something that not, we do operate, but for example, is operated through Microsoft and red hat when it's the managed OpenShift environment on Azure. But yes, we, we collaborate with these guys and we provide fully managed solutions of all these technology.
Okay. Another question is, can ECS, and I'm assuming it's Amazon elastic container service also be connected to third party identity as a service providers like the Okta
Ah-huh. Yes, as I've quickly mentioned in, in one of the pictures where we've been looking at this Docker, Kubernetes OpenShift, sample architecture, the security component, delegates authentication using one of the standard protocols, either Sam protocol or open ID connect protocol. And through that, we can connect with many of these cloud based identity providers. And especially also with, with some of our clients do that very, very successfully actually.
Okay, great. How do you manage the corporate security baseline if containers are running on premises and in the cloud?
Okay. So what I think one of the big advantages of our technology is that our technology is the same when it's deployed cloud based or, or in on-prem environments. And with the same, I mean, it's not just label the same, some other vendors do. So it's the same basic functionality and the same configuration. So you're actually, well, the security professionals are actually a and able to use the same directive and commands and settings in all these environments using that user interface that I've been quickly showing the cloud based sales service. So you actually start to not recognize anymore where your security lifts. So you, you just use the same settings against, on premise and, and cloud based deployments.
Okay, good. And then probably the last question is how do you make sure that you have the visibility of the security across different cloud providers like AWS, Azure and Google?
Okay. Yeah. So very, very important question. So, as we've said, the, all the security components write their locks against a reporting environment and the reporting environment can be cloud-based as well. It can be cus it's a customer specific reporting environment, obviously. So we don't think it's a good idea to share customer security lock files in the same environment cloud based. So the architecture I is in a way that each client can log against his own environment and even dynamically launched and orchestrated containers will, will be aware of this logging environment and lock their, their events against that environment. And this is actually where the back end of our solution takes over and, and applies various detection mechanisms to visualize, let's say threats or, well, it might be in some cases suspected threats in, in that cloud based SAR environment. So we, we have all the information, the central reporting platform, we process it through our backend engine, which is elk. So elastic lock and visualize it against the, the user interface in the cloud based sales platform.
Okay. Well, thank you, Michael. I think that is the end of the question and answer session in the end of the webinar. So thank you for participating.
It was a pleasure. Thank you. And thanks everyone for participating.
All right. Goodbye.

Stay Connected

KuppingerCole on social media

Related Videos


Unifying the Perspectives - Application Access Governance

The application landscape in organizations is getting more and more complex. Applications from vendors are more plentiful - or they differ very much from each other - and the combination of on-prem and cloud applications is no longer unusual. It's easy to lose track of all the different…

Event Recording

Effects of Malware Hunting in Cloud Environments

Webinar Recording

A Comprehensive Approach to Solving SaaS Complexity

As businesses adopt cloud-based services as part of digital transformation programs to enable flexible working, boost productivity, and increase business agility to remain competitive, many IT and security teams are finding it challenging to gain oversight and control over the multitude of…

Webinar Recording

Multi-Cloud Permissions Management

Most businesses are adopting cloud services from multiple providers to remain flexible, agile, efficient, and competitive, but many do not have enterprise-wide control over and visibility of tens of thousands of cloud access permissions, exposing the enterprise to risk of security breaches.

Event Recording

Panel | Protocols, Standards, Alliances: How to Re-GAIN the Future Internet from the Big Platforms

In talking about a "Post Platform Digital Future", it is all about a Vision, or better: mission to not let the current platform dominance grow any further and create the foundations for a pluralistic digital society & business world where size would not be the only thing that matters.…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00